diffx
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill exposes the agent to untrusted data by fetching diffs from external sources. An attacker could embed malicious instructions within a PR or commit that the agent is then instructed to analyze.
  - Ingestion points: Remote URLs (GitHub/GitLab) and local Git worktrees via the diffx tool.
  - Boundary markers: Absent; there are no instructions to use delimiters or ignore instructions found within the diff data.
  - Capability inventory: Command execution via the diffx CLI.
  - Sanitization: Absent; the agent is not instructed to sanitize or validate the content of the diffs.
- [Command Execution] (SAFE): The skill is designed to generate CLI commands for a specific tool (diffx). While it performs command execution, this behavior is consistent with the skill's primary stated purpose and does not appear to facilitate arbitrary shell injection.
Audit Metadata